Re: mtu problem with masquerading+pppoe(adsl) setup

• Next message: Brian Gerst: "Re: Past CREDITS files"
• Previous message: Robert Olsson: "Re: [announce] [patch] limiting IRQ load, irq-rewrite-2.4.11-B5"
• In reply to: Frank Dekervel: "mtu problem with masquerading+pppoe(adsl) setup"
• Next in thread: Jesse Pollard: "Re: mtu problem with masquerading+pppoe(adsl) setup"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

In article <200110031300.PAA17063@lambik.cc.kuleuven.ac.be> you wrote:
>
> Hello, (i am sorry if this is the wrong place to ask)
>
> despite the frequent discussions concerning this topic on usenet, i failed
> to solve my problem:
>
> - i have a debian potatoe box that acts as a masquerading server for a
> heterogenous win2k/winnt/mac LAN. pppoe works fine, and so does
> masquerading ... almost
>
> - the kernel i installed is the latest 2.2 kernel (2.2.19)
>
> the problem:
>
> i can't access some sites from the masq clients, while i can access them
> from the masq server. (like www.vitrine.be)
>
> The problem seems to be widely known, and seems to be an MTU+no-fragment
> packets issue. and indeed:
> - the MTU on my LAN is 1500 bytes
> - the MTU on my ppp connection is 1492 bytes.
>
> on the archives, i found the following solutions:
> - raising the ppp MTU to 1500 bytes. it won't work. even if i specify 1500,
> the mtu is still 1492.
> - lowering the mtu of the LAN to 1492 bytes. thats not an option according
> to my boss.
> - upgrade to something newer than 2.2.14. i run 2.2.19 and i still have the
> problem.
>
> So my questions are:
>
> - are there other options ? i read some vague german things about msschamp
> or something like that, but i don't know if they are even related.
>
> - will an upgrade to linux 2.4 or the kernelspace pppoe driver fix my
> problem ? (i would like to keep my current setup, i don't know how
> difficult it is to upgrade a potatoe box to such a recent version ..)

Well, upgrading to a recent 2.4 kernel gives you the possebility to use
the TCPMSS target in iptables which resolves your problems.

I'm also running a Linux masquerading box on a ADSL (T-DSL) line and I have
no problems at all (I can access the site you mentioned fine) with
the following line in iptables:

$IPTABLES -I FORWARD -j TCPMSS -o $FW_WORLD_DEV --clamp-mss-to-pmtu -p tcp --tcp-flags SYN,RST SYN

Cheers,
Juri

-- 
Juri Haberland  <juri@koschikode.com> 
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

• Next message: Brian Gerst: "Re: Past CREDITS files"
• Previous message: Robert Olsson: "Re: [announce] [patch] limiting IRQ load, irq-rewrite-2.4.11-B5"
• In reply to: Frank Dekervel: "mtu problem with masquerading+pppoe(adsl) setup"
• Next in thread: Jesse Pollard: "Re: mtu problem with masquerading+pppoe(adsl) setup"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b29 : Sun Oct 07 2001 - 21:00:27 EST